- <?php
- use ChamiloSession as Session;
- require_once api_get_path(SYS_CODE_PATH).'auth/external_login/ldap.inc.php';
- require 'ldap_var.inc.php';
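/**
 * Checks a login/password pair against the LDAP directory.
 *
 * Thin wrapper around ldap_authentication_check(), which returns 0 when the
 * user's bind succeeded, 1 when the password is empty or rejected, and -1
 * when no directory entry was found for the login.
 *
 * @param string $login    Username typed by the user
 * @param string $password Plain-text password typed by the user
 *
 * @return bool True only when the directory accepted the credentials
 */
function ldap_login($login, $password)
{
    $res = ldap_authentication_check($login, $password);

    // Fail closed: the wrong-password branch used to assign a misspelled
    // variable, so the function returned an undefined value in that case.
    // Only the explicit integer 0 counts as success; a strict comparison keeps
    // false/null from ever being read as "authenticated".
    return $res === 0;
}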
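/**
 * Looks up a user's directory entry by uid and returns the fields used to
 * create the local account.
 *
 * @param string $login Username to search for (untrusted, comes from the login form)
 *
 * @return array Keys 'firstname' (cn), 'name' (sn), 'email' (mail) and the
 *               attribute named by the 'ldap_filled_tutor_field' setting;
 *               values are null when the entry or the attribute is missing
 */
function ldap_find_user_info($login)
{
    global $ldap_host, $ldap_port, $ldap_basedn, $ldap_rdn, $ldap_pass, $ldap_search_dn;

    $info = [];
    $ldap_connect = ldap_connect($ldap_host, $ldap_port);
    if ($ldap_connect) {
        ldap_set_version($ldap_connect);
        $ldap_bind = false;
        if (ldap_handle_bind($ldap_connect, $ldap_bind)) {
            // The login is attacker-controlled: escape filter metacharacters
            // (* ( ) \ NUL) so it can only ever match as a literal uid value.
            $filter = 'uid='.ldap_escape($login, '', LDAP_ESCAPE_FILTER);
            $base = !empty($ldap_search_dn) ? $ldap_search_dn : $ldap_basedn;
            $sr = ldap_search($ldap_connect, $base, $filter);
            if ($sr !== false) {
                $entries = ldap_get_entries($ldap_connect, $sr);
                if (is_array($entries)) {
                    $info = $entries;
                }
            }
        }
        ldap_close($ldap_connect);
    }

    // A failed connect, bind or search leaves no entry to read; return the
    // same keys with null values instead of reading undefined offsets.
    $entry = isset($info[0]) ? $info[0] : [];
    $result = [];
    $result["firstname"] = isset($entry["cn"][0]) ? $entry["cn"][0] : null;
    $result["name"] = isset($entry["sn"][0]) ? $entry["sn"][0] : null;
    $result["email"] = isset($entry["mail"][0]) ? $entry["mail"][0] : null;
    $tutor_field = api_get_setting('ldap_filled_tutor_field');
    $result[$tutor_field] = isset($entry[$tutor_field]) ? $entry[$tutor_field] : null;

    return $result;
}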
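/**
 * Creates the local account for a user who authenticated through LDAP and
 * records the new user id in the session.
 *
 * The local role is derived from the directory: when the
 * 'ldap_filled_tutor_field' setting names an attribute, a user carrying that
 * attribute (or carrying the configured 'ldap_filled_tutor_field_value' in
 * it) becomes a course manager, everyone else a student.
 *
 * @param string $login      Username of the account to create
 * @param array  $info_array Directory data as returned by ldap_find_user_info()
 *
 * @return void
 */
function ldap_put_user_info_locally($login, $info_array)
{
    global $ldap_pass_placeholder;
    global $submitRegistration, $submit, $uname, $email,
        $nom, $prenom, $password, $password1, $status;
    global $platformLanguage;
    global $loginFailed, $uidReset, $_user;

    $uname = $login;
    $email = $info_array["email"];
    $nom = $info_array["name"];
    $prenom = $info_array["firstname"];
    // The local row never stores the directory password, only a placeholder.
    $password = $ldap_pass_placeholder;
    $password1 = $ldap_pass_placeholder;
    $official_code = '';

    // define() on an existing constant raises a warning on every call after
    // the first (or when the platform already declares these), so guard it.
    if (!defined('STUDENT')) {
        define("STUDENT", 5);
    }
    if (!defined('COURSEMANAGER')) {
        define("COURSEMANAGER", 1);
    }

    $tutor_field = api_get_setting('ldap_filled_tutor_field');
    $tutor_value = api_get_setting('ldap_filled_tutor_field_value');
    $status = STUDENT;
    if (!empty($tutor_field)) {
        $tutor_attribute = isset($info_array[$tutor_field]) ? $info_array[$tutor_field] : null;
        if (empty($tutor_value)) {
            // No value configured: the mere presence of the attribute grants the role.
            if (!empty($tutor_attribute)) {
                $status = COURSEMANAGER;
            }
        } elseif (is_array($tutor_attribute)) {
            // Strict match on strings only. Attribute arrays from
            // ldap_get_entries() also carry an integer 'count' element, which
            // a loose in_array() would match against a numeric configured
            // value and grant the elevated role by accident.
            if (in_array((string) $tutor_value, $tutor_attribute, true)) {
                $status = COURSEMANAGER;
            }
        }
    }

    $language = api_get_setting('platformLanguage');
    if (empty($language)) {
        $language = 'english';
    }
    $_userId = UserManager::create_user(
        $prenom,
        $nom,
        $status,
        $email,
        $uname,
        $password,
        $official_code,
        $language,
        '',
        '',
        'ldap'
    );

    $uData['user_id'] = $_userId;
    $uData['username'] = $uname;
    $uData['auth_source'] = "ldap";
    $loginFailed = false;
    $uidReset = true;
    $_user['user_id'] = $uData['user_id'];
    Session::write('_uid', $_user['user_id']);
}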
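/**
 * Verifies a username/password pair by locating the user's DN and binding
 * to the directory with it.
 *
 * Falls back to the secondary server ($ldap_host2/$ldap_port2) when the
 * initial bind on the primary server fails.
 *
 * @param string $uname  Username typed by the user (untrusted)
 * @param string $passwd Plain-text password typed by the user (untrusted)
 *
 * @return int 0 when the bind with the user's DN succeeded, 1 when the
 *             password is empty or rejected, -1 when no entry was found
 */
function ldap_authentication_check($uname, $passwd)
{
    global $ldap_host, $ldap_port, $ldap_basedn, $ldap_host2, $ldap_port2, $ldap_rdn, $ldap_pass;

    $dn = '';
    $ds = ldap_connect($ldap_host, $ldap_port);
    ldap_set_version($ds);
    $test_bind = false;
    $test_bind_res = ldap_handle_bind($ds, $test_bind);

    if ($test_bind_res === false) {
        $ds = ldap_connect($ldap_host2, $ldap_port2);
        ldap_set_version($ds);
    }
    if ($ds !== false) {
        // Escape filter metacharacters so the submitted username can only
        // match as a literal uid; unescaped, a value such as "*" would select
        // an arbitrary entry and the bind below would run against its DN.
        $filter = '(uid='.ldap_escape($uname, '', LDAP_ESCAPE_FILTER).')';

        $result = false;
        ldap_handle_bind($ds, $result);

        $sr = ldap_search($ds, $ldap_basedn, $filter);
        if ($sr !== false) {
            $info = ldap_get_entries($ds, $sr);
            if (isset($info[0]["dn"])) {
                $dn = $info[0]["dn"];
            }
        }
        ldap_close($ds);
    }

    if ($dn == "") {
        return -1;
    }

    // Must stay ahead of the bind: a simple bind with a DN and an empty
    // password is an unauthenticated bind, which many servers accept.
    if ($passwd == "") {
        return 1;
    }

    $ds = ldap_connect($ldap_host, $ldap_port);
    ldap_set_version($ds);
    if (!$test_bind) {
        $ds = ldap_connect($ldap_host2, $ldap_port2);
        ldap_set_version($ds);
    }
    if (!$ds) {
        return 1;
    }

    // Errors are suppressed because a wrong password is an expected outcome.
    // Anything other than an explicit true is treated as a failed bind.
    $bound = @ldap_bind($ds, $dn, $passwd);
    ldap_close($ds);

    return $bound === true ? 0 : 1;
}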
/**
 * Switches the connection to LDAP protocol version 3 when the global
 * $ldap_version setting is greater than 2; otherwise leaves it untouched.
 *
 * @param resource $resource LDAP connection handle, passed by reference
 *
 * @return void
 */
function ldap_set_version(&$resource)
{
    global $ldap_version;

    if (!($ldap_version > 2)) {
        return;
    }

    ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
}
/**
 * Binds the connection with the service account from $extldap_config, or
 * anonymously when no service account is configured.
 *
 * NOTE(review): when the service-account bind is rejected the function
 * silently retries anonymously and still reports success, so callers cannot
 * tell an authenticated session from an anonymous one.
 *
 * @param resource $ldap_handler LDAP connection handle, passed by reference
 * @param bool     $ldap_bind    Receives the raw result of the last ldap_bind() call
 *
 * @return bool True when either bind succeeded, false otherwise
 */
function ldap_handle_bind(&$ldap_handler, &$ldap_bind)
{
    global $ldap_rdn, $ldap_pass, $extldap_config;

    // The globals are overwritten with the configured service account.
    $ldap_rdn = $extldap_config['admin_dn'];
    $ldap_pass = $extldap_config['admin_password'];

    $hasServiceAccount = !empty($ldap_rdn) && !empty($ldap_pass);
    $ldap_bind = $hasServiceAccount
        ? ldap_bind($ldap_handler, $ldap_rdn, $ldap_pass)
        : false;

    // No credentials configured, or they were refused: bind anonymously.
    if (!$ldap_bind) {
        $ldap_bind = ldap_bind($ldap_handler);
    }

    return $ldap_bind ? true : false;
}
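/**
 * Searches the directory for users matching the keyword_* request parameters.
 *
 * A username keyword is substituted for %username% in $ldap_search_dn and
 * used as the filter; otherwise last-name and first-name keywords become
 * prefix matches. A keyword_type other than "all" adds an employeeType
 * condition. Several conditions are AND-ed together.
 *
 * @return array Result of ldap_get_entries() (including its 'count' key), or
 *               an empty array when nothing was searched or the search failed
 */
function ldap_get_users()
{
    global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $extldap_user_correspondance;

    // These values end up inside an LDAP filter, so they need LDAP filter
    // escaping. SQL escaping leaves * ( ) untouched and lets a request
    // rewrite the filter. Escaped wildcards typed by the user now match
    // literally; the trailing "*" added below still gives prefix search.
    $keyword_firstname = isset($_GET['keyword_firstname']) && is_string($_GET['keyword_firstname'])
        ? ldap_escape(trim($_GET['keyword_firstname']), '', LDAP_ESCAPE_FILTER)
        : '';
    $keyword_lastname = isset($_GET['keyword_lastname']) && is_string($_GET['keyword_lastname'])
        ? ldap_escape(trim($_GET['keyword_lastname']), '', LDAP_ESCAPE_FILTER)
        : '';
    $keyword_username = isset($_GET['keyword_username']) && is_string($_GET['keyword_username'])
        ? ldap_escape(trim($_GET['keyword_username']), '', LDAP_ESCAPE_FILTER)
        : '';
    $keyword_type = isset($_GET['keyword_type']) && is_string($_GET['keyword_type'])
        ? ldap_escape($_GET['keyword_type'], '', LDAP_ESCAPE_FILTER)
        : '';

    $ldap_query = [];
    if ($keyword_username != "") {
        // $ldap_search_dn is used here as a filter template, not as a base DN.
        $ldap_query[] = str_replace('%username%', $keyword_username, $ldap_search_dn);
    } else {
        if ($keyword_lastname != "") {
            $ldap_query[] = "(".$extldap_user_correspondance['lastname']."=".$keyword_lastname."*)";
        }
        if ($keyword_firstname != "") {
            $ldap_query[] = "(".$extldap_user_correspondance['firstname']."=".$keyword_firstname."*)";
        }
    }
    if ($keyword_type != "" && $keyword_type != "all") {
        $ldap_query[] = "(employeeType=".$keyword_type.")";
    }

    if (count($ldap_query) > 1) {
        $str_query = "(& ";
        foreach ($ldap_query as $query) {
            $str_query .= " $query";
        }
        $str_query .= " )";
    } else {
        $str_query = count($ldap_query) > 0 ? $ldap_query[0] : null;
    }

    $ds = ldap_connect($ldap_host, $ldap_port);
    if ($ds && count($ldap_query) > 0) {
        ldap_set_version($ds);
        $r = false;
        ldap_handle_bind($ds, $r);

        $info = [];
        $sr = ldap_search($ds, $ldap_basedn, $str_query);
        if ($sr !== false) {
            $entries = ldap_get_entries($ds, $sr);
            if (is_array($entries)) {
                $info = $entries;
            }
        }
        // The entries are plain arrays, so the handle can be released here.
        ldap_close($ds);

        return $info;
    }

    if (count($ldap_query) != 0) {
        echo Display::return_message(get_lang('LDAPConnectionError'), 'error');
    }

    return [];
}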
/**
 * Counts the directory entries matching the current search request.
 *
 * @return int The 'count' element of the ldap_get_users() result, or 0 when
 *             that result is empty
 */
function ldap_get_number_of_users()
{
    $entries = ldap_get_users();

    return count($entries) > 0 ? $entries['count'] : 0;
}
/**
 * Builds the table rows for the LDAP user list once the search form has
 * been submitted.
 *
 * Each row holds: username, username, first name, last name, mail, username.
 * The paging and sorting arguments are accepted but not used here.
 *
 * NOTE(review): the values come straight from the directory and are returned
 * unescaped; presumably the table renderer escapes them, confirm at the call site.
 *
 * @param int    $from            Unused
 * @param int    $number_of_items Unused
 * @param int    $column          Unused
 * @param string $direction       Unused
 *
 * @return array List of rows, empty when the form was not submitted or nothing matched
 */
function ldap_get_user_data($from, $number_of_items, $column, $direction)
{
    global $extldap_user_correspondance;

    $rows = [];
    // Both name orders produce the same column layout in this function; the
    // call is kept so the sequence of platform calls stays the same.
    $is_western_name_order = api_is_western_name_order();

    if (!isset($_GET['submit'])) {
        return $rows;
    }

    $info = ldap_get_users();
    if (!($info['count'] > 0)) {
        echo Display::return_message(get_lang('NoUser'), 'error');

        return $rows;
    }

    $usernameAttr = $extldap_user_correspondance['username'];
    $firstnameAttr = $extldap_user_correspondance['firstname'];
    $lastnameAttr = $extldap_user_correspondance['lastname'];

    for ($index = 0; $index < $info["count"]; $index++) {
        $entry = $info[$index];
        $username = $entry[$usernameAttr][0];
        $firstname = api_convert_encoding($entry[$firstnameAttr][0], api_get_system_encoding(), 'UTF-8');
        $lastname = api_convert_encoding($entry[$lastnameAttr][0], api_get_system_encoding(), 'UTF-8');

        $rows[] = [
            $username,
            $username,
            $firstname,
            $lastname,
            $entry['mail'][0],
            $username,
        ];
    }

    return $rows;
}
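/**
 * Renders the "add user" action link for one row of the LDAP user list.
 *
 * @param string $user_id    Username from the directory (untrusted data)
 * @param string $url_params Unused
 * @param array  $row        Table row; element 0 is sent back as id[]
 *
 * @return string HTML anchor wrapping the action icon
 */
function modify_filter($user_id, $url_params, $row)
{
    // Directory values are written into an href attribute: URL-encode them so
    // quotes, angle brackets or "&" in a username cannot break out of the
    // attribute or add query parameters.
    $query_string = "id[]=".urlencode($row[0]);
    if (!empty($_GET['id_session'])) {
        // Session ids are integers (ldap_add_user_to_session() casts them too).
        $query_string .= '&id_session='.(int) $_GET['id_session'];
    }

    $icon = UserManager::is_username_available($user_id) ? 'invitation_friend.png' : 'reload.png';

    $href = 'ldap_users_list.php?action=add_user&user_id='.urlencode($user_id)
        .'&'.$query_string
        .'&sec_token='.Security::getTokenFromSession();
    $confirm = addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding()));

    $result = '<a href="'.$href.'" onclick="javascript:if(!confirm('."'".$confirm."'".')) return false;">'
        .Display::return_icon($icon, get_lang('AddUsers')).'</a>';

    return $result;
}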
/**
 * Imports a single directory user into the platform.
 *
 * The lookup goes through extldap_authenticate() with the fixed password
 * 'nopass' and a third argument of true.
 * NOTE(review): that flag presumably skips the password check; confirm in
 * extldap_authenticate().
 *
 * @param string $login Username to import
 *
 * @return mixed Result of extldap_add_user_by_array(), or null when the
 *               lookup returned nothing
 */
function ldap_add_user($login)
{
    $ldap_user = extldap_authenticate($login, 'nopass', true);
    if (!$ldap_user) {
        return;
    }

    return extldap_add_user_by_array($ldap_user);
}
/**
 * Creates, or optionally updates, the local account for one directory entry.
 *
 * The username is the first RDN value of the entry's DN and the official
 * code is assembled from the first two components of
 * edupersonprimaryorgunitdn. New accounts are students (status 5), active,
 * with auth source 'ldap'.
 *
 * NOTE(review): the entry's userPassword attribute is passed to
 * UserManager::create_user() as the local password. For 'ldap' accounts a
 * placeholder (as ldap_put_user_info_locally() uses) would avoid copying
 * directory password material into the platform; confirm before changing.
 *
 * @param array $data             One entry from ldap_get_entries()
 * @param bool  $update_if_exists Update the existing account when the username is taken
 *
 * @return int Id of the created or updated user, 0 when nothing was done
 */
function ldap_add_user_by_array($data, $update_if_exists = true)
{
    $lastname = api_convert_encoding($data['sn'][0], api_get_system_encoding(), 'UTF-8');
    $firstname = api_convert_encoding($data['cn'][0], api_get_system_encoding(), 'UTF-8');
    $email = $data['mail'][0];

    $dnParts = ldap_explode_dn($data['dn'], 1);
    $username = $dnParts[0];
    // Read but never used afterwards.
    $outab[] = $data['edupersonprimaryaffiliation'][0];

    $password = $data['userPassword'][0];

    // Official code is "<first component value>-<second component value>".
    $orgUnitParts = explode(",", $data['edupersonprimaryorgunitdn'][0]);
    $etapePair = explode("=", $orgUnitParts[0]);
    $etape = $etapePair[1];
    $anneePair = explode("=", $orgUnitParts[1]);
    $annee = $anneePair[1];
    $official_code = $etape."-".$annee;

    // Fixed values for every imported account.
    $auth_source = 'ldap';
    $expiration_date = '';
    $active = 1;
    $status = 5;
    $phone = '';
    $picture_uri = '';

    if (UserManager::is_username_available($username)) {
        return UserManager::create_user(
            $firstname,
            $lastname,
            $status,
            $email,
            $username,
            $password,
            $official_code,
            api_get_setting('platformLanguage'),
            $phone,
            $picture_uri,
            $auth_source,
            $expiration_date,
            $active
        );
    }

    if (!$update_if_exists) {
        return 0;
    }

    $existing = api_get_user_info($username);
    $user_id = $existing['user_id'];
    UserManager::update_user(
        $user_id,
        $firstname,
        $lastname,
        $username,
        null,
        null,
        $email,
        $status,
        $official_code,
        $phone,
        $picture_uri,
        $expiration_date,
        $active
    );

    return $user_id;
}
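/**
 * Subscribes a list of users to a session and to every course of that
 * session, then refreshes the stored user counters.
 *
 * @param array $UserList   User ids to subscribe
 * @param int   $id_session Session id
 *
 * @return void
 */
function ldap_add_user_to_session($UserList, $id_session)
{
    // Only the tables the queries below actually touch are resolved.
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
    $tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
    $tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
    $tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);

    // Every value interpolated into SQL below is an integer cast or escaped.
    $id_session = (int) $id_session;
    $userIds = [];
    foreach ($UserList as $enreg_user) {
        $userIds[] = (int) $enreg_user;
    }

    $result = Database::query("SELECT c_id FROM $tbl_session_rel_course WHERE session_id ='$id_session'");
    $CourseList = [];
    while ($row = Database::fetch_array($result)) {
        $CourseList[] = Database::escape_string($row['c_id']);
    }

    foreach ($CourseList as $enreg_course) {
        foreach ($userIds as $enreg_user) {
            Database::query("INSERT IGNORE ".
                " INTO $tbl_session_rel_course_rel_user ".
                "(session_id,c_id,user_id) VALUES ".
                "('$id_session','$enreg_course','$enreg_user')");
        }
        $sql = "SELECT COUNT(user_id) as nbUsers ".
            " FROM $tbl_session_rel_course_rel_user ".
            " WHERE session_id='$id_session' ".
            " AND c_id='$enreg_course'";
        $rs = Database::query($sql);
        $countRow = Database::fetch_array($rs);
        // The counter goes into the UPDATE unquoted; the cast also turns a
        // failed count query into 0 instead of a broken statement.
        $nbr_users = is_array($countRow) ? (int) $countRow[0] : 0;
        Database::query("UPDATE $tbl_session_rel_course ".
            " SET nbr_users=$nbr_users ".
            " WHERE session_id='$id_session' ".
            " AND c_id='$enreg_course'");
    }

    foreach ($userIds as $enreg_user) {
        Database::query("INSERT IGNORE INTO $tbl_session_rel_user ".
            " (session_id, user_id, registered_at) ".
            " VALUES('$id_session','$enreg_user', '".api_get_utc_datetime()."')");
    }

    $sql = "SELECT COUNT(user_id) as nbUsers FROM $tbl_session_rel_user ".
        " WHERE session_id='$id_session' ".
        " AND relation_type<>".SESSION_RELATION_TYPE_RRHH." ";
    $rs = Database::query($sql);
    $countRow = Database::fetch_array($rs);
    $nbr_users = is_array($countRow) ? (int) $countRow[0] : 0;
    Database::query("UPDATE $tbl_session SET nbr_users=$nbr_users ".
        " WHERE id='$id_session'");
}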
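/**
 * Synchronises local 'ldap' accounts with the directory.
 *
 * Every entry matching uid=* is created locally when its username is still
 * free. With $disableOldUsers, local LDAP accounts that no longer appear in
 * the directory are disabled, or deleted when the matching delete flag is set.
 *
 * @param bool $disableOldUsers Disable local LDAP accounts missing from the directory
 * @param bool $deleteStudents  Delete missing students (status 5) instead of disabling them
 * @param bool $deleteTeachers  Delete missing teachers (status 1) instead of disabling them
 *
 * @return void
 */
function syncro_users(
    $disableOldUsers = false,
    $deleteStudents = false,
    $deleteTeachers = false
) {
    global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass, $ldap_search_dn, $debug;
    $i = 0;
    if ($debug) {
        error_log('Connecting... ('.__FUNCTION__.')');
    }
    $ldapConnect = ldap_connect($ldap_host, $ldap_port);
    if ($ldapConnect) {
        ldap_set_version($ldapConnect);
        if ($debug) {
            error_log('Connected to LDAP server successfully! Binding... ('.__FUNCTION__.')');
        }
        $ldapBind = false;
        $ldapBindRes = ldap_handle_bind($ldapConnect, $ldapBind);
        if ($ldapBindRes) {
            if ($debug) {
                error_log('Bind successful! Searching for uid in LDAP DC: '.$ldap_search_dn);
            }
            $allUserQuery = "uid=*";
            $searchBase = !empty($ldap_search_dn) ? $ldap_search_dn : $ldap_basedn;
            $sr = ldap_search($ldapConnect, $searchBase, $allUserQuery);
            $info = $sr !== false ? ldap_get_entries($ldapConnect, $sr) : false;

            if (!is_array($info)) {
                // Without a result set there is nothing to compare against.
                error_log('LDAP search failed in '.__FUNCTION__.', no account was changed');
            } else {
                if ($debug) {
                    error_log('Entries returned: '.ldap_count_entries($ldapConnect, $sr));
                }
                for ($key = 0; $key < $info['count']; $key++) {
                    $user_id = ldap_add_user_by_array($info[$key], false);
                    if ($user_id) {
                        if ($debug) {
                            error_log('User #'.$user_id.' created from LDAP');
                        }
                        $i++;
                    } else {
                        if ($debug) {
                            error_log('User '.$info[$key]['sn'][0].' ('.$info[$key]['mail'][0].') could not be created');
                        }
                    }
                }
                if ($disableOldUsers === true) {
                    if ($debug) {
                        error_log('Disable mode selected in '.__FUNCTION__);
                        if ($deleteStudents) {
                            error_log('...with complete deletion of users if disabled');
                        }
                    }
                    if ($info['count'] < 1) {
                        // An empty result would mark every local LDAP account
                        // as missing. ldap_handle_bind() may have fallen back
                        // to an anonymous bind that sees no entries, so refuse
                        // to disable or delete anything in that case.
                        error_log('LDAP returned no entries in '.__FUNCTION__.', skipping disable/delete of local users');
                    } else {
                        $usersDBShortList = [];
                        $usersLDAPShortList = [];
                        $sql = "SELECT id, username, status FROM user WHERE auth_source = 'ldap' ORDER BY username";
                        $res = Database::query($sql);
                        if ($res !== false) {
                            // Index the directory by the first RDN value of each DN.
                            // NOTE(review): the key match is case-sensitive while
                            // the username casing in the database may differ; confirm.
                            for ($key = 0; $key < $info['count']; $key++) {
                                $dn_array = ldap_explode_dn($info[$key]['dn'], 1);
                                $usersLDAPShortList[$dn_array[0]] = 1;
                            }

                            while ($row = Database::fetch_assoc($res)) {
                                $usersDBShortList[$row['username']] = $row['id'];

                                if (empty($usersLDAPShortList[$row['username']])) {
                                    if ($deleteStudents === true && $row['status'] == 5) {
                                        UserManager::delete_user($usersDBShortList[$row['username']]);
                                        if ($debug) {
                                            error_log('Student '.$row['username'].' removed from Chamilo');
                                        }
                                    } elseif ($deleteTeachers === true && $row['status'] == 1) {
                                        UserManager::delete_user($usersDBShortList[$row['username']]);
                                        if ($debug) {
                                            error_log('Teacher '.$row['username'].' removed from Chamilo');
                                        }
                                    } else {
                                        UserManager::disable($usersDBShortList[$row['username']]);
                                        if ($debug) {
                                            error_log('User '.$row['username'].' disabled in Chamilo');
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                if ($debug) {
                    error_log('Data for '.$info['count'].' items processed');
                }
            }
        } else {
            error_log('Could not bind to LDAP server');
        }
        ldap_close($ldapConnect);
    } else {
        error_log('Could not connect to LDAP server');
    }
    error_log('Ended execution of function '.__FUNCTION__);
}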